Demystifying the Catalyst: The Basics of Application Visibility in the Network

What is Flexible NetFlow and why should you use it? In this blog post, let’s take a look at the basics of Application Visibility in the network for capacity planning and security.

In an enterprise, hundreds of applications are accessed by users from different locations within the campus and remotely from a branch or home. Application usage is usually not known beforehand and increases non-uniformly over time. This non-uniform usage translates to non-uniform increases in traffic across the network, which complicates capacity planning. Capacity planning is further complicated by sudden spikes in traffic caused by security issues such as internal security breaches, viruses, Denial of Service attacks, or network-propagated worms. IT administrators should not wait for these incidents to happen in order to tackle them. Instead, administrators must be able to see usage patterns in advance, both for capacity planning and for security incident detection and remediation.

Cisco IOS Flexible NetFlow (FNF) is an embedded IOS tool that provides customized visibility into network traffic. It is available in most Cisco switches, wireless controllers and routers. Flexible NetFlow collects data that can be used to detect network anomalies resulting from the undesired activities above or from improper user behavior, or more generally to see usage trends for capacity planning.

One really cool feature of Flexible NetFlow is that it can tell how many applications are really running in an enterprise. IT administrators can customize Flexible NetFlow to monitor applications in use and view traffic usage by time of day, source, destination and user applications.

Let’s take a look at a couple of examples that compare situations before and after Flexible NetFlow deployment.

Example 1:

Before Flexible NetFlow: IT administrators rely on user feedback to learn that traffic usage has reached the network bandwidth limit and that it is time to upgrade the network capacity. Or, IT upgrades the capacity across the board on a preset timeline. Both approaches are expensive for capacity planning, as companies either can’t get the capacity they need in time or over-deploy capacity that isn’t needed.

With Flexible NetFlow: IT administrators can use Flexible NetFlow and customize it to monitor the applications of interest and specific areas of the network. Alternatively, they can monitor the entire network to see how different parts of the network are being utilized, by application. Reports from Flexible NetFlow will help IT see the trends in usage and do effective capacity planning. They can do selective upgrades saving their company a lot of money. End users are also happier as they aren’t hindered by a network bandwidth limit – and ideally never know when an upgrade is required.

Example 2:

Before Flexible NetFlow: A malicious user starts a Denial of Service attack against a server. IT administrators fail to identify the unexpected increase in traffic in that part of the network. The attack brings down the server and its service, affecting many users. Users open IT trouble tickets, which prompts IT to investigate and remediate the problem, but by then it is too late and users are already frustrated.

With Flexible NetFlow: When the malicious user starts a Denial of Service attack on the server, the traffic in that part of the network starts to increase abnormally. Flexible NetFlow can capture this spike as soon as the traffic starts to increase. IT administrators will be alerted about this anomaly and they can quickly trace the source of the attack and remediate it. IT is able to solve this problem without waiting for end users to open a trouble ticket.
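
The detection described in Example 2, sketched as an added example (not code from the original post or from Cisco). It assumes a collector has already reduced exported flow records to (minute, source, destination, application, bytes) tuples; the records, addresses, function name and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records, as a collector might summarize exported flows:
# (minute, source, destination, application, bytes)
SAMPLE_FLOWS = [
    (0, "10.1.1.10", "10.9.0.5", "http", 40_000),
    (0, "10.1.2.20", "10.9.0.5", "http", 60_000),
    (1, "10.1.1.10", "10.9.0.5", "http", 50_000),
    (1, "10.1.2.20", "10.9.0.5", "http", 45_000),
    (2, "10.1.1.10", "10.9.0.5", "http", 55_000),
    (2, "10.1.3.30", "10.9.0.5", "http", 50_000),
    (3, "10.1.1.10", "10.9.0.5", "http", 48_000),
    (3, "10.1.4.66", "10.9.0.5", "http", 2_400_000),   # abnormal talker
    (4, "10.1.2.20", "10.9.0.5", "http", 52_000),
    (4, "10.1.4.66", "10.9.0.5", "http", 3_100_000),
] + [(m, "10.1.1.10", "10.9.0.7", "dns", 10_000) for m in range(5)]

def find_spikes(flows, factor=5.0, warmup=3):
    """Return (dst, minute, bytes, baseline, top_sources) for abnormal minutes."""
    per_dst = defaultdict(lambda: defaultdict(int))  # dst -> minute -> bytes
    per_src = defaultdict(lambda: defaultdict(int))  # (dst, minute) -> src -> bytes
    for minute, src, dst, _app, nbytes in flows:
        per_dst[dst][minute] += nbytes
        per_src[(dst, minute)][src] += nbytes
    alerts = []
    for dst, buckets in per_dst.items():
        history = []  # totals of earlier minutes that were not flagged
        for minute in sorted(buckets):
            total = buckets[minute]
            if len(history) >= warmup and total > factor * median(history):
                talkers = sorted(per_src[(dst, minute)].items(),
                                 key=lambda kv: kv[1], reverse=True)[:3]
                alerts.append((dst, minute, total, median(history), talkers))
                continue  # keep attack traffic out of the baseline
            history.append(total)
    return alerts

if __name__ == "__main__":
    for dst, minute, total, baseline, talkers in find_spikes(SAMPLE_FLOWS):
        print(f"minute {minute}: {dst} received {total} bytes "
              f"(baseline {baseline}); top sources: {talkers}")
```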
